Thursday, September 14, 2006

Recently I attended a talk on Speak-up, a system that aims to prevent application-level DDoS by forcing clients to expend extra bandwidth via a special request that is uniform in size, in this case an HTTP POST. This extra request is processed by what they call a thinner, which counts the number of padding bytes each client has sent so far and keeps the clients in a queue sorted from largest to smallest. A request is passed on to the server(s) only if it originates from the host at the front of the queue, so the server ends up handling requests in proportion to the bandwidth each host has expended.

My major criticisms of the system are:

Adding latency hurts the user experience

In order to make it to the front of the queue a client has to transmit some number of padding bytes before being served, and from the user's point of view that wait is pure latency.

You can't assume that the attacking machines will all be using all of their bandwidth, since that is under the attacker's control. Instead of spending more bandwidth per machine, they could simply recruit more machines into their botnet.

The increase in bandwidth could have repercussions for large sites.

As the paper itself states, deploying this system encourages the exhaustion of bandwidth, much like a network-based DDoS attack. One side effect of most DDoS attacks is that the increase in traffic affects various points and other networks along the path, not just the endpoint, meaning there could be unintended victims.
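To make the thinner's behaviour and the "more bots" and latency criticisms above concrete, here is a small simulation I wrote for this post. It is an added illustration, not the Speak-up authors' code: clients send a fixed amount of padding per tick, the server admits a fixed number of requests per tick, and each time a slot frees up the thinner admits whichever client has sent the most padding so far and resets that client's counter. The tick model, the client names and the alphabetical tie-break are all my assumptions.

```python
"""Toy model of Speak-up's thinner: clients pay in padding bytes, the
client that has paid the most wins the next server slot.

Added illustration, not the Speak-up authors' code.  Assumptions: every
client sends `bandwidth` padding bytes per tick, the server admits
`capacity` requests per tick, ties are broken by client name.
"""
from collections import defaultdict


class Thinner:
    """Front end that tracks padding bytes per client and runs the auction."""

    def __init__(self):
        # client name -> padding bytes received since that client was last admitted
        self.sent = defaultdict(int)

    def receive_padding(self, client, nbytes):
        self.sent[client] += nbytes

    def admit(self):
        """Return the client with the most padding bytes and reset its counter.

        Ties go to the alphabetically smaller name (assumption, for determinism).
        """
        winner = min(self.sent, key=lambda c: (-self.sent[c], c))
        self.sent[winner] = 0
        return winner


def simulate(bandwidths, capacity, ticks):
    """Run the auction for `ticks` rounds.

    bandwidths: client name -> padding bytes that client can send per tick.
    Returns (admissions, first_served): requests served per client, and the
    tick at which each client was first admitted (the latency it paid).
    """
    thinner = Thinner()
    admissions = defaultdict(int)
    first_served = {}
    for tick in range(1, ticks + 1):
        for client, bandwidth in bandwidths.items():
            thinner.receive_padding(client, bandwidth)
        for _ in range(capacity):
            winner = thinner.admit()
            admissions[winner] += 1
            first_served.setdefault(winner, tick)
    return dict(admissions), first_served


def share(admissions, prefix):
    """Fraction of served requests that went to clients whose name starts with prefix."""
    total = sum(admissions.values())
    return sum(n for c, n in admissions.items() if c.startswith(prefix)) / total


if __name__ == "__main__":
    # Scenario 1 (constructed): two good clients and two bots, equal bandwidth.
    clients = {"good1": 100, "good2": 100, "bot1": 100, "bot2": 100}
    adm, first = simulate(clients, capacity=2, ticks=100)
    print("equal bandwidth:", adm, "good share:", share(adm, "good"))

    # Scenario 2: one bot with 3x the bandwidth of each good client.
    adm, first = simulate({"bot": 300, "good1": 100, "good2": 100, "good3": 100},
                          capacity=2, ticks=100)
    print("fat bot:", adm, "good share:", round(share(adm, "good"), 3))

    # Scenario 3: the attacker adds four more bots instead of more bandwidth per bot.
    clients.update({f"bot{i}": 100 for i in range(3, 7)})
    adm, first = simulate(clients, capacity=2, ticks=100)
    print("more bots:", adm, "good share:", share(adm, "good"),
          "first served:", first)
```

In the equal-bandwidth case every client gets the same share, which is the fair outcome Speak-up is after. Tripling one bot's bandwidth triples its share, and adding bots does the same thing without any single machine spending more: with six bots against two good clients the good clients' share drops to a quarter, and each good client now waits four ticks before its first request is served, which is the latency cost that shows up in the simulation as `first_served`.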

Thursday, September 7, 2006

It's been a while since I've read something in security that just flat out made me go wow. Today, while going through my usual morning routine of checking blogs and email, I stumbled upon this post by Steven Murdoch, in which he uses the fact that quartz crystals, the ones that drive the system clock in PCs, change frequency with temperature to identify Tor hidden services. All I can say is wow!
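The measurement that all of this rests on is clock skew: a remote host's clock runs at (1 + skew) times the true rate, so if you record pairs of (your own time, the timestamp the remote host reported) the slope of a straight line through them, minus one, is the skew, and that skew moves when the crystal's temperature moves. The estimator below is an added example of mine, not Murdoch's code, and the sample data is constructed with a known skew of 50 ppm plus a little deterministic jitter standing in for network delay variation.

```python
"""Estimate a remote host's clock skew from the timestamps it reports.

Added example, not Murdoch's code.  A clock with skew s reports
remote = offset + local * (1 + s); the least-squares slope of remote
against local, minus 1, recovers s.  Input pairs below are constructed.
"""


def estimate_skew_ppm(samples):
    """Least-squares slope of remote time vs local time, as skew in ppm.

    samples: iterable of (local_seconds, remote_seconds) pairs.
    """
    pts = list(samples)
    n = len(pts)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_x = sum(x for x, _ in pts) / n
    mean_y = sum(y for _, y in pts) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in pts)
    if sxx == 0:
        raise ValueError("all samples have the same local time")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in pts)
    slope = sxy / sxx
    return (slope - 1.0) * 1e6


def constructed_samples(skew_ppm, offset=12345.0, seconds=3600, step=10):
    """Fabricated (local, remote) pairs for a clock with the given skew.

    One sample every `step` seconds for `seconds` of observation, with a
    repeating -5/0/+5 ms jitter pattern standing in for delay variation.
    """
    out = []
    for i, t in enumerate(range(0, seconds + 1, step)):
        jitter = 0.005 * ((i * 7) % 3 - 1)       # -0.005, 0.0, +0.005, ...
        remote = offset + t * (1 + skew_ppm * 1e-6) + jitter
        out.append((float(t), remote))
    return out


if __name__ == "__main__":
    for true_skew in (50, 0, -120):
        est = estimate_skew_ppm(constructed_samples(true_skew))
        print(f"true {true_skew:5d} ppm -> estimated {est:8.3f} ppm")
```

Over an hour of samples the 5 ms jitter barely disturbs the fit, which is why skews of tens of ppm are measurable across a network at all; the attack then comes from watching that estimate change while the target is put under load.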